incubator-sling-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From my...@apache.org
Subject svn commit: r1452322 - in /sling/trunk/bundles: api/src/main/java/org/apache/sling/api/resource/ resourceresolver/ resourceresolver/src/main/java/org/apache/sling/resourceresolver/accessgate/ resourceresolver/src/main/java/org/apache/sling/resourcereso...
Date Mon, 04 Mar 2013 14:23:35 GMT
Author: mykee
Date: Mon Mar  4 14:23:34 2013
New Revision: 1452322

URL: http://svn.apache.org/r1452322
Log:
SLING-2698 Add a minimal resource access gate, first shot

Added:
    sling/trunk/bundles/api/src/main/java/org/apache/sling/api/resource/AccessGateException.java
    sling/trunk/bundles/api/src/main/java/org/apache/sling/api/resource/ResourceAccessGate.java
    sling/trunk/bundles/resourceresolver/src/main/java/org/apache/sling/resourceresolver/accessgate/
    sling/trunk/bundles/resourceresolver/src/main/java/org/apache/sling/resourceresolver/accessgate/ResourceAccessGateHandler.java
    sling/trunk/bundles/resourceresolver/src/main/java/org/apache/sling/resourceresolver/accessgate/ResourceAccessGateManager.java
    sling/trunk/bundles/resourceresolver/src/main/java/org/apache/sling/resourceresolver/accessgate/impl/
    sling/trunk/bundles/resourceresolver/src/main/java/org/apache/sling/resourceresolver/accessgate/impl/AccessGateResourceDecorator.java
    sling/trunk/bundles/resourceresolver/src/main/java/org/apache/sling/resourceresolver/accessgate/impl/AccessGateResourceWrapper.java
    sling/trunk/bundles/resourceresolver/src/main/java/org/apache/sling/resourceresolver/accessgate/impl/ResourceAccessGateManagerImpl.java
    sling/trunk/bundles/resourceresolver/src/main/java/org/apache/sling/resourceresolver/accessgate/impl/ResourceAccessGateManagerTracker.java
    sling/trunk/bundles/resourceresolver/src/main/java/org/apache/sling/resourceresolver/accessgate/impl/ResourceAccessGateTracker.java
Modified:
    sling/trunk/bundles/resourceresolver/pom.xml

Added: sling/trunk/bundles/api/src/main/java/org/apache/sling/api/resource/AccessGateException.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/api/src/main/java/org/apache/sling/api/resource/AccessGateException.java?rev=1452322&view=auto
==============================================================================
--- sling/trunk/bundles/api/src/main/java/org/apache/sling/api/resource/AccessGateException.java
(added)
+++ sling/trunk/bundles/api/src/main/java/org/apache/sling/api/resource/AccessGateException.java
Mon Mar  4 14:23:34 2013
@@ -0,0 +1,69 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.sling.api.resource;
+
+/**
+ * Exception thrown by
+ * <code>{@link ResourceAccessGate#sanitizeQuery(String, String, org.apache.sling.auth.core.spi.AuthenticationInfo)}</code>
+ * if the query is not allowed or illegal.
+ */
+public class AccessGateException extends Exception {
+
+    private static final long serialVersionUID = -8388988380137140280L;
+
+    /**
+     * Constructs a new instance of this class with <code>null</code> as its
+     * detail message.
+     */
+    public AccessGateException() {
+        super();
+    }
+
+    /**
+     * Constructs a new instance of this class with the specified detail
+     * message.
+     *
+     * @param message the detail message. The detail message is saved for later
+     *            retrieval by the {@link #getMessage()} method.
+     */
+    public AccessGateException(String message) {
+        super(message);
+    }
+
+    /**
+     * Constructs a new instance of this class with the specified detail message
+     * and root cause.
+     *
+     * @param message the detail message. The detail message is saved for later
+     *            retrieval by the {@link #getMessage()} method.
+     * @param rootCause root failure cause
+     */
+    public AccessGateException(String message, Throwable rootCause) {
+        super(message, rootCause);
+    }
+
+    /**
+     * Constructs a new instance of this class with the specified root cause.
+     *
+     * @param rootCause root failure cause
+     */
+    public AccessGateException(Throwable rootCause) {
+        super(rootCause);
+    }
+}

Added: sling/trunk/bundles/api/src/main/java/org/apache/sling/api/resource/ResourceAccessGate.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/api/src/main/java/org/apache/sling/api/resource/ResourceAccessGate.java?rev=1452322&view=auto
==============================================================================
--- sling/trunk/bundles/api/src/main/java/org/apache/sling/api/resource/ResourceAccessGate.java
(added)
+++ sling/trunk/bundles/api/src/main/java/org/apache/sling/api/resource/ResourceAccessGate.java
Mon Mar  4 14:23:34 2013
@@ -0,0 +1,145 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.sling.api.resource;
+
+
+/**
+ * The <code>ResourceAccessGate</code> defines a service API which might 
+ * be used to make some restrictions to accessing resources.
+ * 
+ * Implementations of this service interface must be registered like
+ * ResourceProvider with a path (like provider.roots). If different
+ * ResourceAccessGateService services match a path, not only the
+ * ResourceAccessGateService with the longest path should be called, but all
+ * of them, that's in contrast to the ResourceProvider, but in this case more
+ * logical (and secure!).
+
+ * service properties:
+ * <ul>
+ * <li><b>path</b>: regexp to define on which paths the service should
be called
+ * (default .*)</li>
+ * <li><b>operations</b>: set of operations on which the service should
be called
+ * ("read,create,update,delete,execute", default all of them)</li>
+ * <li><b>finaloperations</b>: set of operations on which the service answer
is final an
+ * no other service should be called (default none of them)</li>
+ * </ul>
+ *
+ */
+public interface ResourceAccessGate {
+    
+    /**
+     * The service name to use when registering implementations of this
+     * interface as services (value is
+     * "org.apache.sling.api.resource.ResourceAccessGate").
+     */
+    String SERVICE_NAME = ResourceAccessGate.class.getName();
+
+    /**
+     * The name of the service registration property containing the path
+     * as a regular expression for which the service should be called 
+     * (value is "path").
+     */
+    String PATH = "path";
+
+    /**
+     * The name of the service registration property containing the operations
+     * for which the service should be called, defaults to all the operations
+     * (value is "operations").
+     */
+    String OPERATIONS = "operations";
+
+    /**
+     * The name of the service registration property containing the operations
+     * for which the service should be called and no further service should 
+     * be called after this, except the services returns DONTCARE as result, 
+     * default is empty (non of them are final)
+     * (value is "finaloperations").
+     */
+    String FINALOPERATIONS = "finaloperations";
+
+    /**
+     * <code>GateResult</code> defines 3 possible states which can be returned
+     * by the different canXXX methods of this interface.
+     * <ul>
+     * <li>GRANTED: means no restrictions</li>
+     * <li>DENIED: means no permission for the requested action</li>
+     * <li>DONTCARE: means that the implementation of the service has no information
+     * or can't decide and therefore neither can't grant or deny access</li>
+     * </ul>
+     */
+    public enum GateResult { GRANTED, DENIED, DONTCARE };
+    
+    public enum Operation { READ("read"),
+                            CREATE("create"),
+                            UPDATE("update"),
+                            DELETE("delete"),
+                            EXECUTE("execute");
+    
+        private String text;
+    
+        Operation( String text ) {
+            this.text = text;
+        }
+        
+        public static Operation fromString( String opAsString ) {
+            Operation returnValue = null;
+            
+            for (Operation op : Operation.values()) {
+                if ( opAsString.equals(op.getText()))
+                {
+                    returnValue = op;
+                    break;
+                }
+            }
+            
+            return returnValue;
+        }
+        
+        public String getText(){
+            return this.text;
+        }
+    }
+    
+    
+    public GateResult canRead( Resource resource, String user );
+    public GateResult canCreate( String absPathName, String user );
+    public GateResult canUpdate( Resource resource, String user );
+    public GateResult canDelete( Resource resource, String user );
+    public GateResult canExecute( Resource resource, String user );
+
+    public GateResult canReadValue( Resource resource, String valueName, String user );
+    public GateResult canCreateValue( Resource resource, String valueName, String user );
+    public GateResult canUpdateValue( Resource resource, String valueName, String user );
+    public GateResult canDeleteValue( Resource resource, String valueName, String user );
+
+    public String sanitizeQuery( String query, String language, String user ) throws AccessGateException;
+
+    /* for convenience (and performance) */
+    public boolean hasReadRestrictions( String user );
+    public boolean hasCreateRestrictions( String user );
+    public boolean hasUpdateRestrictions( String user );
+    public boolean hasDeleteRestrictions( String user );
+    public boolean hasExecuteRestrictions( String user );
+
+    public boolean canReadAllValues( Resource resource, String user );
+    public boolean canCreateAllValues( Resource resource, String user );
+    public boolean canUpdateAllValues( Resource resource, String user );
+    public boolean canDeleteAllValues( Resource resource, String user );
+
+}

Modified: sling/trunk/bundles/resourceresolver/pom.xml
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/resourceresolver/pom.xml?rev=1452322&r1=1452321&r2=1452322&view=diff
==============================================================================
--- sling/trunk/bundles/resourceresolver/pom.xml (original)
+++ sling/trunk/bundles/resourceresolver/pom.xml Mon Mar  4 14:23:34 2013
@@ -85,7 +85,8 @@
                             *
                         </Import-Package>
                         <Private-Package>
-                            org.apache.sling.resourceresolver.impl.*
+                            org.apache.sling.resourceresolver.impl.*,
+                            org.apache.sling.resourceresolver.accessgate.impl.*
                         </Private-Package>
                     </instructions>
                 </configuration>
@@ -124,7 +125,7 @@
         <dependency>
             <groupId>org.apache.sling</groupId>
             <artifactId>org.apache.sling.commons.osgi</artifactId>
-            <version>2.1.0</version>
+            <version>2.2.1-SNAPSHOT</version>
             <scope>provided</scope>
         </dependency>
         <dependency>

Added: sling/trunk/bundles/resourceresolver/src/main/java/org/apache/sling/resourceresolver/accessgate/ResourceAccessGateHandler.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/resourceresolver/src/main/java/org/apache/sling/resourceresolver/accessgate/ResourceAccessGateHandler.java?rev=1452322&view=auto
==============================================================================
--- sling/trunk/bundles/resourceresolver/src/main/java/org/apache/sling/resourceresolver/accessgate/ResourceAccessGateHandler.java
(added)
+++ sling/trunk/bundles/resourceresolver/src/main/java/org/apache/sling/resourceresolver/accessgate/ResourceAccessGateHandler.java
Mon Mar  4 14:23:34 2013
@@ -0,0 +1,108 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */package org.apache.sling.resourceresolver.accessgate;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+import org.apache.sling.api.resource.ResourceAccessGate;
+import org.apache.sling.commons.osgi.PropertiesUtil;
+import org.osgi.framework.ServiceReference;
+
+public class ResourceAccessGateHandler {
+    
+    private ResourceAccessGate resourceAccessGate;
+    
+    private Pattern pathPattern;
+    private List<ResourceAccessGate.Operation> operations = new ArrayList<ResourceAccessGate.Operation>();
+    private List<ResourceAccessGate.Operation> finalOperations = new ArrayList<ResourceAccessGate.Operation>();
+    
+    /**
+     * constructor
+     */
+    public ResourceAccessGateHandler ( ServiceReference resourceAccessGateRef ) {
+        
+        resourceAccessGate = (ResourceAccessGate) resourceAccessGateRef.getBundle().
+                getBundleContext().getService(resourceAccessGateRef);
+        /* extract the service property "path" */
+        String path = (String) resourceAccessGateRef.getProperty(ResourceAccessGate.PATH);
+        if ( path != null ) {
+            pathPattern = Pattern.compile(path);
+        }
+        else
+        {
+            pathPattern = Pattern.compile(".*");
+        }
+        
+        /* extract the service property "operations" */
+        String ops = (String) resourceAccessGateRef.getProperty(ResourceAccessGate.OPERATIONS);
+        if ( ops != null ) {
+            String[] opsArray = PropertiesUtil.toStringArray(ops);
+            for (String opAsString : opsArray) {
+                ResourceAccessGate.Operation operation = ResourceAccessGate.Operation.fromString(opAsString);
+                if ( operation != null )
+                {
+                    operations.add(operation);
+                }
+            }
+        }
+        else
+        {
+           for (ResourceAccessGate.Operation op : ResourceAccessGate.Operation.values() )
{
+               operations.add(op);
+           }
+        }
+        
+        /* extract the service property "finaloperations" */
+        String finOps = (String) resourceAccessGateRef.getProperty(ResourceAccessGate.FINALOPERATIONS);
+        if ( finOps != null ) {
+            String[] finOpsArray = PropertiesUtil.toStringArray(finOps);
+            for (String opAsString : finOpsArray) {
+                ResourceAccessGate.Operation operation = ResourceAccessGate.Operation.fromString(opAsString);
+                if ( operation != null )
+                {
+                    finalOperations.add(operation);
+                }
+            }
+        }
+
+    }
+    
+    public boolean matches ( String path, ResourceAccessGate.Operation operation ) {
+        boolean returnValue = false;
+        
+        if ( operations.contains( operation ) )
+        {
+            Matcher match = pathPattern.matcher(path);
+            returnValue = match.matches();
+        }
+        
+        return returnValue;
+    }
+    
+    public boolean isFinalOperation( ResourceAccessGate.Operation operation ) {
+        return finalOperations.contains(operation);
+    }
+    
+    public ResourceAccessGate getResourceAccessGate () {
+        return resourceAccessGate;
+    }
+    
+}

Added: sling/trunk/bundles/resourceresolver/src/main/java/org/apache/sling/resourceresolver/accessgate/ResourceAccessGateManager.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/resourceresolver/src/main/java/org/apache/sling/resourceresolver/accessgate/ResourceAccessGateManager.java?rev=1452322&view=auto
==============================================================================
--- sling/trunk/bundles/resourceresolver/src/main/java/org/apache/sling/resourceresolver/accessgate/ResourceAccessGateManager.java
(added)
+++ sling/trunk/bundles/resourceresolver/src/main/java/org/apache/sling/resourceresolver/accessgate/ResourceAccessGateManager.java
Mon Mar  4 14:23:34 2013
@@ -0,0 +1,28 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.sling.resourceresolver.accessgate;
+
+import java.util.List;
+
+import org.apache.sling.api.resource.ResourceAccessGate;
+
+public interface ResourceAccessGateManager {
+
+    public List<ResourceAccessGateHandler> getMatchingResourceAccessGateHandlers (
String path, ResourceAccessGate.Operation operation );
+}

Added: sling/trunk/bundles/resourceresolver/src/main/java/org/apache/sling/resourceresolver/accessgate/impl/AccessGateResourceDecorator.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/resourceresolver/src/main/java/org/apache/sling/resourceresolver/accessgate/impl/AccessGateResourceDecorator.java?rev=1452322&view=auto
==============================================================================
--- sling/trunk/bundles/resourceresolver/src/main/java/org/apache/sling/resourceresolver/accessgate/impl/AccessGateResourceDecorator.java
(added)
+++ sling/trunk/bundles/resourceresolver/src/main/java/org/apache/sling/resourceresolver/accessgate/impl/AccessGateResourceDecorator.java
Mon Mar  4 14:23:34 2013
@@ -0,0 +1,108 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sling.resourceresolver.accessgate.impl;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.servlet.http.HttpServletRequest;
+
+import org.apache.felix.scr.annotations.Reference;
+import org.apache.felix.scr.annotations.ReferenceCardinality;
+import org.apache.felix.scr.annotations.ReferencePolicy;
+import org.apache.felix.scr.annotations.References;
+import org.apache.sling.api.resource.NonExistingResource;
+import org.apache.sling.api.resource.Resource;
+import org.apache.sling.api.resource.ResourceDecorator;
+import org.apache.sling.api.resource.ResourceResolver;
+import org.apache.sling.api.resource.ResourceAccessGate;
+import org.apache.sling.api.resource.ResourceAccessGate.GateResult;
+import org.apache.sling.resourceresolver.accessgate.ResourceAccessGateHandler;
+import org.apache.sling.resourceresolver.accessgate.ResourceAccessGateManager;
+
+@References( {
+    @Reference(name = "ResourceAccessGateManager", referenceInterface = ResourceAccessGateManager.class,
cardinality = ReferenceCardinality.MANDATORY_UNARY, policy = ReferencePolicy.DYNAMIC, bind
= "setResourceAccessGateManager", unbind = "unsetResourceAccessGateManager") })
+
+public class AccessGateResourceDecorator implements ResourceDecorator {
+    
+    private ResourceAccessGateManagerTracker resAccessGateManagerTracker;
+    
+    public AccessGateResourceDecorator ( ResourceAccessGateManagerTracker resAccessGateManagerTracker
) {
+        this.resAccessGateManagerTracker = resAccessGateManagerTracker;
+    }
+
+    @Override
+    public Resource decorate(Resource resource) {
+        Resource returnValue = resource;
+        ResourceResolver resResolver = resource.getResourceResolver();
+        String user = resResolver.getUserID();
+        ResourceAccessGateManager resourceAccessGateManager = resAccessGateManagerTracker.getResourceAccessGateManager();
+        
+        if ( resourceAccessGateManager != null ) {
+            List<ResourceAccessGateHandler> accessGateHandlers =
+                    resourceAccessGateManager.getMatchingResourceAccessGateHandlers( resource.getPath(),
ResourceAccessGate.Operation.READ );
+            
+            GateResult finalGateResult = null;
+            boolean canReadAllValues = false;
+            List<ResourceAccessGate> accessGatesForValues = null;
+            
+            for (ResourceAccessGateHandler resourceAccessGateHandler : accessGateHandlers)
{
+                GateResult gateResult = resourceAccessGateHandler.getResourceAccessGate().canRead(resource,
user);
+                if ( !canReadAllValues && gateResult == GateResult.GRANTED ) {
+                    if ( resourceAccessGateHandler.getResourceAccessGate().canReadAllValues(resource,
user) ) {
+                        canReadAllValues = true;
+                        accessGatesForValues = null;
+                    }
+                    else {
+                        if ( accessGatesForValues == null ) {
+                            accessGatesForValues = new ArrayList<ResourceAccessGate>();
+                        }
+                        accessGatesForValues.add( resourceAccessGateHandler.getResourceAccessGate()
);
+                    }
+                }
+                if ( finalGateResult == null ) {
+                    finalGateResult = gateResult;
+                }
+                else if ( finalGateResult == GateResult.DENIED ){
+                    finalGateResult = gateResult;
+                }
+                if ( resourceAccessGateHandler.isFinalOperation(ResourceAccessGate.Operation.READ)
) {
+                    break;
+                }
+            }
+            
+            // wrap Resource if read access is not or partly (values) not granted 
+            if ( finalGateResult == GateResult.DENIED ) {
+                returnValue = new NonExistingResource( resResolver, resource.getPath() );
+            }
+            else if ( finalGateResult == GateResult.DONTCARE ) {
+                returnValue = resource;
+            }
+            else if ( !canReadAllValues ) {
+                returnValue = new AccessGateResourceWrapper( resource, accessGatesForValues
);
+            }
+        }
+        
+        return returnValue;
+    }
+
+    @Override
+    public Resource decorate(Resource resource, HttpServletRequest request) {
+        return decorate( resource );
+    }
+    
+}

Added: sling/trunk/bundles/resourceresolver/src/main/java/org/apache/sling/resourceresolver/accessgate/impl/AccessGateResourceWrapper.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/resourceresolver/src/main/java/org/apache/sling/resourceresolver/accessgate/impl/AccessGateResourceWrapper.java?rev=1452322&view=auto
==============================================================================
--- sling/trunk/bundles/resourceresolver/src/main/java/org/apache/sling/resourceresolver/accessgate/impl/AccessGateResourceWrapper.java
(added)
+++ sling/trunk/bundles/resourceresolver/src/main/java/org/apache/sling/resourceresolver/accessgate/impl/AccessGateResourceWrapper.java
Mon Mar  4 14:23:34 2013
@@ -0,0 +1,59 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.sling.resourceresolver.accessgate.impl;
+
+import java.util.List;
+
+import org.apache.sling.api.resource.Resource;
+import org.apache.sling.api.resource.ResourceAccessGate;
+import org.apache.sling.api.resource.ResourceWrapper;
+
+/**
+ * The <code>AccessGateResourceWrapper</code> wraps a <code>Resource</code>
and 
+ * intercepts calls to adaptTo to wrap the adapted <code>ValueMap</code> or
+ * also a <code>ModifiableValueMap</code> to enforce access rules defined
+ * by implementations of <code>ResourceAccessGate</code>
+ *
+ */
+public class AccessGateResourceWrapper extends ResourceWrapper {
+    
+    private List<ResourceAccessGate> accessGatesForValues;
+    
+    /**
+     * Creates a new wrapper instance delegating all method calls to the given
+     * <code>resource</code>, but intercepts the calls with checks to the
+     * applied ResourceAccessGate instances.
+     */
+    public AccessGateResourceWrapper(final Resource resource, final List<ResourceAccessGate>
accessGatesForValues) {
+        super( resource );
+        this.accessGatesForValues = accessGatesForValues;
+    }
+
+    /**
+     * Returns the value of calling <code>adaptTo</code> on the
+     * {@link #getResource() wrapped resource}.
+     */
+    @Override
+    public <AdapterType> AdapterType adaptTo(Class<AdapterType> type) {
+        //TODO intercept adaptions of ValueMap
+        return getResource().adaptTo(type);
+    }
+
+
+}

Added: sling/trunk/bundles/resourceresolver/src/main/java/org/apache/sling/resourceresolver/accessgate/impl/ResourceAccessGateManagerImpl.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/resourceresolver/src/main/java/org/apache/sling/resourceresolver/accessgate/impl/ResourceAccessGateManagerImpl.java?rev=1452322&view=auto
==============================================================================
--- sling/trunk/bundles/resourceresolver/src/main/java/org/apache/sling/resourceresolver/accessgate/impl/ResourceAccessGateManagerImpl.java
(added)
+++ sling/trunk/bundles/resourceresolver/src/main/java/org/apache/sling/resourceresolver/accessgate/impl/ResourceAccessGateManagerImpl.java
Mon Mar  4 14:23:34 2013
@@ -0,0 +1,87 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.sling.resourceresolver.accessgate.impl;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import org.apache.felix.scr.annotations.Activate;
+import org.apache.felix.scr.annotations.Component;
+import org.apache.felix.scr.annotations.Deactivate;
+import org.apache.felix.scr.annotations.Properties;
+import org.apache.felix.scr.annotations.Property;
+import org.apache.felix.scr.annotations.Service;
+import org.apache.sling.api.resource.ResourceAccessGate;
+import org.apache.sling.resourceresolver.accessgate.ResourceAccessGateHandler;
+import org.apache.sling.resourceresolver.accessgate.ResourceAccessGateManager;
+import org.osgi.framework.Constants;
+import org.osgi.service.component.ComponentContext;
+
+@Component(
+        name = "org.apache.sling.resourceresolver.accessgate.ResourceAccessGateManager",
+        immediate = true )
+@Service( value={ResourceAccessGateManager.class})
+   @Properties({
+       @Property(name = Constants.SERVICE_DESCRIPTION, value = "Apache Sling ResourceAccessGateManager"),
+       @Property(name = Constants.SERVICE_VENDOR, value = "The Apache Software Foundation")
+   })
+public class ResourceAccessGateManagerImpl implements ResourceAccessGateManager {
+    
+    private ResourceAccessGateTracker resourceAccessGateTracker;
+
+    // ---------- SCR Integration ---------------------------------------------
+
+    /** Activates this component, called by SCR before registering as a service */
+    @Activate
+    protected void activate(final ComponentContext componentContext) {
+        resourceAccessGateTracker = new ResourceAccessGateTracker( componentContext.getBundleContext()
);
+        resourceAccessGateTracker.open();
+        
+    }
+
+    /**
+     * Deativates this component (called by SCR to take out of service)
+     */
+    @Deactivate
+    protected void deactivate() {
+        resourceAccessGateTracker.close();
+    }
+    
+    public List<ResourceAccessGateHandler> getMatchingResourceAccessGateHandlers (
String path, ResourceAccessGate.Operation operation ) {
+        /* TODO: maybe caching some frequent paths with read operation would be a good idea
*/
+        List<ResourceAccessGateHandler> returnValue = resourceAccessGateTracker.getResourceAccessGateHandlers();
+        
+        if ( returnValue.size() > 0 ) {
+            returnValue = new ArrayList<ResourceAccessGateHandler>();
+            
+            for (ResourceAccessGateHandler resourceAccessGateHandler : resourceAccessGateTracker.getResourceAccessGateHandlers()
) {
+                if ( resourceAccessGateHandler.matches(path, operation) ) {
+                    returnValue.add(resourceAccessGateHandler);
+                }
+            }
+        }
+        
+        return returnValue;
+    }
+    
+    public boolean areResourceAccessGatesRegistered () {
+        return (resourceAccessGateTracker.size() > 0 );
+    }
+
+}

Added: sling/trunk/bundles/resourceresolver/src/main/java/org/apache/sling/resourceresolver/accessgate/impl/ResourceAccessGateManagerTracker.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/resourceresolver/src/main/java/org/apache/sling/resourceresolver/accessgate/impl/ResourceAccessGateManagerTracker.java?rev=1452322&view=auto
==============================================================================
--- sling/trunk/bundles/resourceresolver/src/main/java/org/apache/sling/resourceresolver/accessgate/impl/ResourceAccessGateManagerTracker.java
(added)
+++ sling/trunk/bundles/resourceresolver/src/main/java/org/apache/sling/resourceresolver/accessgate/impl/ResourceAccessGateManagerTracker.java
Mon Mar  4 14:23:34 2013
@@ -0,0 +1,38 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.sling.resourceresolver.accessgate.impl;
+
+import org.apache.sling.resourceresolver.accessgate.ResourceAccessGateManager;
+import org.osgi.framework.BundleContext;
+import org.osgi.util.tracker.ServiceTracker;
+
+public class ResourceAccessGateManagerTracker extends ServiceTracker {
+
+    /**
+     * Constructor
+     */
+    public ResourceAccessGateManagerTracker(final BundleContext context) {
+        super(context, ResourceAccessGateManager.class.getName(), null);
+    }
+    
+    public ResourceAccessGateManager getResourceAccessGateManager () {
+        return (ResourceAccessGateManager) getService();
+    }
+
+}

Added: sling/trunk/bundles/resourceresolver/src/main/java/org/apache/sling/resourceresolver/accessgate/impl/ResourceAccessGateTracker.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/resourceresolver/src/main/java/org/apache/sling/resourceresolver/accessgate/impl/ResourceAccessGateTracker.java?rev=1452322&view=auto
==============================================================================
--- sling/trunk/bundles/resourceresolver/src/main/java/org/apache/sling/resourceresolver/accessgate/impl/ResourceAccessGateTracker.java
(added)
+++ sling/trunk/bundles/resourceresolver/src/main/java/org/apache/sling/resourceresolver/accessgate/impl/ResourceAccessGateTracker.java
Mon Mar  4 14:23:34 2013
@@ -0,0 +1,114 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.sling.resourceresolver.accessgate.impl;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+import org.apache.sling.api.resource.ResourceAccessGate;
+import org.apache.sling.api.resource.ResourceDecorator;
+import org.apache.sling.commons.osgi.SortingServiceTracker;
+import org.apache.sling.resourceresolver.accessgate.ResourceAccessGateHandler;
+import org.apache.sling.resourceresolver.impl.ResourceResolverImpl;
+import org.osgi.framework.BundleContext;
+import org.osgi.framework.ServiceReference;
+import org.osgi.framework.ServiceRegistration;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class ResourceAccessGateTracker extends SortingServiceTracker<ResourceAccessGate>
{
+    
+    private List<ResourceAccessGateHandler> resourceAccessGateHandlers = null;
+    private ServiceRegistration decoratorRegistration = null;
+    private ResourceAccessGateManagerTracker resAccessGateManagerTracker = null;
+    
+    /**
+     * Constructor
+     */
+    public ResourceAccessGateTracker(final BundleContext context ) {
+        super(context, ResourceAccessGate.class.getName());
+    }
+
+    /**
+     * @see org.osgi.util.tracker.ServiceTracker#removedService(org.osgi.framework.ServiceReference,
java.lang.Object)
+     */
+    @Override
+    public void removedService(ServiceReference reference, Object service) {
+        super.removedService(reference, service);
+        resourceAccessGateHandlers = null;
+        registerAccessGateResourceDecorator( reference.getBundle().getBundleContext(), size()
);
+    }
+
+    /**
+     * @see org.osgi.util.tracker.ServiceTrackerCustomizer#modifiedService(org.osgi.framework.ServiceReference,
java.lang.Object)
+     */
+    @Override
+    public void modifiedService(ServiceReference reference, Object service) {
+        super.modifiedService(reference, service);
+        resourceAccessGateHandlers = null;
+    }
+
+    /**
+     * @see org.osgi.util.tracker.ServiceTrackerCustomizer#addingService(org.osgi.framework.ServiceReference)
+     */
+    @Override
+    public Object addingService(ServiceReference reference) {
+        Object returnValue = super.addingService(reference);
+        resourceAccessGateHandlers = null;
+        registerAccessGateResourceDecorator( reference.getBundle().getBundleContext(), size()
+ 1 );
+        return returnValue;
+    }
+    
+    public List<ResourceAccessGateHandler> getResourceAccessGateHandlers () {
+        List<ResourceAccessGateHandler> returnValue = resourceAccessGateHandlers;
+        
+        if ( returnValue == null )
+        {
+            resourceAccessGateHandlers = new ArrayList<ResourceAccessGateHandler>();
+            for (ServiceReference serviceReference : getSortedServiceReferences()) {
+                resourceAccessGateHandlers.add( new ResourceAccessGateHandler(serviceReference)
);
+            }
+            resourceAccessGateHandlers = Collections.unmodifiableList(resourceAccessGateHandlers);
+            returnValue = resourceAccessGateHandlers;
+        }
+        
+        return returnValue;
+    }
+    
+    private void registerAccessGateResourceDecorator ( BundleContext bundleContext, int nrOfServices
) {
+        if ( decoratorRegistration == null && nrOfServices > 0 ) {
+            synchronized( this ) {
+                resAccessGateManagerTracker = new ResourceAccessGateManagerTracker( bundleContext
);
+                resAccessGateManagerTracker.open();
+                decoratorRegistration = bundleContext.registerService( ResourceDecorator.class.getName(),

+                        new AccessGateResourceDecorator( resAccessGateManagerTracker ), null);
+            }
+        }
+        else if ( decoratorRegistration != null && nrOfServices == 0 )
+        {
+            synchronized( this ) {
+                decoratorRegistration.unregister();
+                resAccessGateManagerTracker.close();
+            }
+            decoratorRegistration = null;
+        }
+    }
+    
+}



Mime
View raw message